hsm signing service, refactor for TransactionSender signing functions,

etc.

Author: mauri-rsk

federator/config/config.sample.js

@@ -9,4 +9,6 @@ module.exports = {
     etherscanApiKey: '',
     runHeartbeatEvery: 1, // In hours
     endpointsPort: 5000, // Server port
+    hsmPort: 6000, // [HSM] signing service port
+    hsmHost: '127.0.0.1' // [HSM] signing service host
 }

federator/src/lib/HSM.js

@@ -0,0 +1,52 @@
+const net = require('net');
+const utils = require('./utils');
+
+const payloadBuilder =
+    (
+        command,
+        keyId,
+        txnHash
+    ) => `{"command":"${command}","keyId":"${keyId}","message":{"hash":"${txnHash}"},"version":2}`;
+
+module.exports = class HSM {
+    constructor({
+        host = '127.0.0.1',
+        port = 6000,
+    }) {
+        this.host = host;
+        this.port = port;
+        this.client = null;
+    }
+
+    async receive() {
+        return new Promise((resolve, reject) => {
+            this.client.on('data', (data) => {
+                resolve(data.toString());
+                this.client.end();
+            })
+
+            this.client.on('end', () => {
+                resolve(`connection to ${this.host}:${this.port} closed`)
+            })
+
+            this.client.on('error', (err) => {
+                reject(`Error: ${err.message}`)
+            })
+        })
+    }
+
+    send(msgToSign = '') {
+        const payload = utils.hsmPayloadBuilder(`sign`, `m/44'/137'/0'/0/0`, msgToSign);
+        return this.client.write(`${payload}\n`);
+    }
+
+    async connectSendAndReceive(msgToSign) {
+        try {
+            this.client = net.connect(this.port, this.host);
+            this.send(msgToSign);
+            return this.receive();
+        } catch(err) {
+            console.log(`HSM (connectSendAndReceive)`, err);
+        }
+    }
+}

federator/src/lib/TransactionSender.js

@@ -1,9 +1,9 @@
-
 const Tx = require('ethereumjs-tx');
 const ethUtils = require('ethereumjs-util');
 const utils = require('./utils');
 const fs = require('fs');
 const axios = require('axios');
+const HSM = require('./HSM');
 
 module.exports = class TransactionSender {
     constructor(client, logger, config) {
@@ -13,6 +13,10 @@ module.exports = class TransactionSender {
         this.manuallyCheck = `${config.storagePath || __dirname}/manuallyCheck.txt`;
         this.etherscanApiKey = config.etherscanApiKey;
         this.debuggingMode = false;
+        this.hsm = new HSM({
+            port: config.hsmPort,
+            host: config.hsmHost
+        })
     }
 
     async getNonce(address) {
@@ -126,12 +130,36 @@ module.exports = class TransactionSender {
         return rawTx;
     }
 
-    signRawTransaction(rawTx, privateKey) {
+    async signRawTransaction(rawTx, privateKey, useHSM) {
         let tx = new Tx(rawTx);
-        tx.sign(utils.hexStringToBuffer(privateKey));
+        if(!useHSM) {
+            tx.sign(utils.hexStringToBuffer(privateKey));
+        } else {
+            const txHash = tx.hash(false).toString();
+            const { 
+                errorcode,
+                signature: {
+                    r,
+                    s
+                }
+            } = JSON.parse(await this.hsm.connectSendAndReceive(txHash));
+
+            if(errorcode != 0) {
+                throw new Error(`error while signing txn with HSM`)
+            }
+            
+            tx = {
+                ...tx,
+                r,
+                s,
+                v: this.getChainId() * 2 + 8
+            }
+            
+        }
         return tx;
     }
 
+
     async getAddress(privateKey) {
         let address = null;
         if (privateKey && privateKey.length) {
@@ -170,15 +198,15 @@ module.exports = class TransactionSender {
         return response.data;
     }
 
-    async sendTransaction(to, data, value, privateKey) {
+    async sendTransaction(to, data, value, privateKey, useHSM = false) {
         const chainId =  await this.getChainId();
         let txHash;
         let receipt;
         try {
             let from = await this.getAddress(privateKey);
             let rawTx = await this.createRawTransaction(from, to, data, value);
-            if (privateKey && privateKey.length) {
-                let signedTx = this.signRawTransaction(rawTx, privateKey);
+            if (privateKey && privateKey.length || useHSM) {
+                let signedTx = await this.signRawTransaction(rawTx, privateKey, useHSM);
                 const serializedTx = ethUtils.bufferToHex(signedTx.serialize());
                 receipt = await this.client.eth.sendSignedTransaction(serializedTx).once('transactionHash', async (hash) => {
                     txHash = hash;

federator/src/lib/utils.js

@@ -176,6 +176,9 @@ async function evm_mine(iterations, web3Instance = null) {
         await asyncMine(web3Instance);
     };
 };
+function hsmPayloadBuilder(command, keyId, txnHash) {
+    return `{"command":"${command}","keyId":"${keyId}","message":{"hash":"${txnHash}"},"version":2}`;
+}
 
 module.exports = {
     asyncMine,
@@ -193,5 +196,6 @@ module.exports = {
     zeroHash: '0x0000000000000000000000000000000000000000000000000000000000000000',
     retry,
     retry3Times,
-    getHeartbeatPollingInterval
+    getHeartbeatPollingInterval,
+    hsmPayloadBuilder
 }